Field of Application
The present invention relates to the field of the methods, based on acquisition and electronic processing of biometric data, for the recognition of users of services, the fruition of which requires a registration and an authorization. Particularly, the invention relates to a method of registering and recognizing a user among a plurality of users registered to a service, having characteristics of remarkable rapidity.
The invention also relates to a recognition system which carries out the above method, as well as service delivery systems comprising such a recognition system.
Description of the Prior Art
In the context of the offering of services the fruition of which requires a recognition and an authorization, the need and the convenience of using recognition and/or identity verification and/or authorization methods based on acquisition and electronic processing of biometric data are more and more felt.
Such a need is felt, for example, in the field of services related to commercial payments, for example, POS (Point Of Sale) type services, or services for the automatic withdrawal of money from bank accounts, such as, for example, cash dispenser/ATM (Automated Teller Machine) type services.
In the known POS and/or ATM systems, a card holder (holder of a credit card or debit card) accesses a service through two steps, the first of which involves the use of the card itself, the second of which is a confirmation of the card holder's identity, by typing a numeric/alphanumeric identification code, for example, a PIN or password. Then, an “identity verification” or “authentication” function is carried out, enabling the use of the card. In this framework, it is possible to envisage replacing the identification code with a biometric datum of the user.
Recently, several further services are emerging, which could benefit from the fact of allowing an access based on an automatic user recognition, on the basis of a processing of biometric data: for example, a service of quick access to a controlled-access public or private location, such as a city public transportation station with entering turnstiles (typically, a subway station). Herein below, such services will be referred to, sometimes, in short, as “new services with validated access”.
On the other hand, a number of solutions for a verification of the user's identity based on the acquisition and processing of biometric data is known, derivable particularly from the field of the identity verification for security purposes (for example, to authorize or not entrance to restricted access areas, or to confidential data in an IT system).
The known solutions referred to are varied, both with respect to the biometric datum that is used (for example, fingerprint, or eye iris, or electrocardiographic or breath frequencies/patterns, or voice, or typing frequency/pressure on a keyboard) and with respect to the algorithms that are used for the comparison and recognition (usually, analytic “pattern-matching” algorithms).
However, the application of such known solutions to the above-mentioned application contexts is very troublesome.
In fact, for the above-mentioned application contexts, it is important to have sufficiently quick, convenient and simple acquisition procedures so as they are “attractive” for the user. This requirement already excludes most of the known solutions referred to.
A further problem, even more disadvantageous with respect to the felt needs in the mentioned contexts, is connected with the fact that the above-mentioned known solutions relate at most to an “identity verification” or “authentication” function, in the meaning explained above, while do not meet the need to “recognize” the user. In fact, for a “recognition service”, the user must be identified without first having to introduce a presentation of him/herself, e.g., by inserting an identification card, or a credit or cash card.
Now, an “identity verification” service involves a mere “one-to-one” comparison between the acquired biometric data of the user and pre-registered biometric data of the same user.
On the contrary, a recognition service involves a “one-to-many” comparison between biometric data acquired from the user and and a plurality of previously registered biometric data, belonging to all the users registered for a given service. Such a plurality may be very numerous: in the field of the POS/ATM services, the number of registered users (for example, at a bank) is typically of hundreds of thousands or millions individuals. The same applies, for example, for a future assisted access service to the subway stations of a city.
Such quantitative data indicate what a difference is between the requirements to be met by a biometric method for an “identity verification” compared to a biometric method for a recognition, and allow understanding the reason why the developed solutions for the first field are completely unfeasible in the second one.
For these reasons, even when it might be possible to try applying known biometric authentication systems in the field of a “one-to-many” recognition service (in the meaning illustrated above), such solutions cannot be applied (actually, their application is not even conceivable) in the context of services requiring the recognition of a user among thousands, or hundreds of thousands, or even millions users, such as those contemplated by the present invention.
The main emerging problem relates to the duration of the recognition process, which requires a huge number of comparisons, rather than just one, before obtaining a result, which makes the idea of simply iterating many times in sequence the application of known identity verification biometric methods (such as those mentioned above) unfeasible as a recognition method.
In view of this problem, no feasible solutions can be found, not even resorting to solutions that are known in other fields, for example those based on the acquisition of fingerprints of a subject to be recognized and on scanning of a database of fingerprints to find a match. Such solutions, which are used, for example, in the legal investigation field, involve a recognition process duration which is longer, by several orders of magnitude, compared to the recognition process duration required in the application fields taken into account herein, which is acceptable if it lasts, at most, a few seconds.
In order to obviate the above-mentioned problems, possible improvements relating to the rapidity of the single comparison are useful, but not decisive. In fact, it has to be taken into account that the recognition methods, due to their own nature, must have a very high reliability degree as regards the recognition precision. Particularly, since the biometric data are identification codes that may be defined as “non-exact”, in which there cannot be an absolute, deterministic identity between the registered datum and the datum acquired upon the recognition step, the fact of obtaining, from such non-exact identification codes, recognition results having a reliability comparable to those that can be obtained from exact identification codes (such as passwords and PINs) is a technical objective that cannot be achieved by the above-mentioned prior art. Such an objective requires that each comparison between the acquired datum and each of the registered data is performed very accurately, by sophisticated algorithms, which implies that the reduction of processing time for a single comparison cannot be pushed beyond certain limits.
The reliability requirements are apparent, and very strict, in the applications of the POS/ATM type, but they are high also in the applications of other types, relating for example to the “new services with validated access”, mentioned above.
In brief, a biometric recognition method suitable to meet the needs of the application contexts considered in this invention must have a number of characteristics: simplicity and rapidity of acquisition of the biometric datum; processing speeds such as to allow a very fast recognition; high precision and reliability of the recognition.
No one of the solutions of the prior art, mentioned above, is capable of meeting at the same time all the needs mentioned above, and not even to offer a performance compromise approaching the required one.
Particularly, no one of the solutions of the prior art, mentioned above, can be applied in an efficient manner to the “new services with validated access”, such as those set forth above.